The Apache Software Foundation has released Struts 2.3.15.1, a security update for its popular Java Web application development framework that addresses two vulnerabilities, including a critical one that could allow remote attackers to execute arbitrary code on the server.
Oracle said on Tuesday that its monthly round of patches for July includes 89 fixes, 27 of which address remotely exploitable vulnerabilities in four widely used products.
Microsoft has already received several vulnerability reports that qualify for monetary rewards as part of the company's bug bounty program launched in June for the preview version of Internet Explorer 11.
Of the six critical security bulletins Microsoft issued in its Patch Tuesday monthly release of software updates, three address a vulnerability in how Microsoft software renders fonts.
Microsoft's monthly patch release for July will cover seven security issues, six of which could be remotely exploited by an attacker.
A critical vulnerability that could allow remote attackers to access sensitive enterprise log-in credentials and other data was fixed last week in Crowd, a single sign-on (SSO) and identity management tool used by large organizations to simplify access to their internal Web applications and services.
ZRTPCPP, an open-source library that's used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.
Cisco Systems released security patches for its email, Web and content security appliances in order to address vulnerabilities that could allow attackers to execute commands on the underlying OS or disrupt critical processes.
SAP has significantly improved the security of its products over the past few years but many of its customers are negligent with their deployments, which exposes them to potential attacks that could cripple their businesses, according to security researchers.
Microsoft will pay security researchers for finding and reporting vulnerabilities in the preview version of its Internet Explorer 11 (IE 11) browser, for finding novel techniques to bypass exploit mitigations present in Windows 8.1 or later versions and for coming up with new ideas to defend against exploits.
Oracle addressed 40 security issues in Java and enabled online certificate revocation checking by default in its scheduled critical patch update for Java on Tuesday.
Oracle is set to release a patch set for Java SE that targets 40 security vulnerabilities.
A new batch of security updates released by Microsoft on Tuesday address a total of 23 vulnerabilities in Internet Explorer, Windows and Microsoft Office, including one that is actively exploited by attackers. The handling of digital certificates in Windows was also improved.
The Internet Systems Consortium (ISC), the organization that develops and maintains the widely used BIND DNS (Domain Name System) software, has patched a publicly disclosed vulnerability that can be used to remotely crash DNS servers running recent releases of BIND 9.
Oracle plans to make changes to strengthen the security of Java, including fixing its certificate revocation checking feature, preventing unsigned applets from being executed by default and adding centralized management options with whitelisting capabilities for enterprise environments.